How to Protect Your Organization from Ransomware 

The latest ransomware is sophisticated and hard to spot. These five strategies can help ward off cyberattacks.

Ransomware is a dynamic form of malware designed to encrypt files on a device, rendering its data and systems unusable. Until recently, these security threats primarily came as automatically generated emails and bots with suspicious links and typos.

However, ransomware and security threats have become much more sophisticated, directed by humans who research companies to customize their attacks and capitalize on human error. They may go so far as to understand an individual’s role within an organization and mimic the communications that individual usually receives.

Once inside an organization, attackers quickly “spread out” and threaten systems at scale before demanding ransom. Most security breaches are executed in minutes, yet they can go undetected for months.

SonicWall’s 2022 Cyber Threat Report revealed that Hawai‘i is among the top 10 states most at risk for malware.

In light of everything happening in the world, now is as good a time as ever for organizations to take stock of their cybersecurity preparedness. Proactively managing ransomware attacks is possible but requires adapting best practices as threats evolve. Here are a few of my recommendations that will help organizations stay vigilant.

1. RIGOROUSLY FOLLOW SOFTWARE MAINTENANCE PRACTICES FOR INFRASTRUCTURE AND APPLICATIONS.

A surprising number of cyberattacks succeed because an enterprise isn’t running the latest versions of mission-critical software.

2. GIVE TOP PRIORITY TO ACCESS SECURITY.

In a world where many or all employees are remote, access points have become a common entry point for attackers.

3. AVOID VULNERABILITY WITH MULTIFACTOR AUTHENTICATION.

MFA – requiring multiple login steps in addition to a password – used to be considered too much friction for everyday users. Thanks to increased use of biometrics, it’s become less cumbersome. Be sure to implement it across your enterprise.

4. PROTECT BACKED-UP DATA.

Nearly every enterprise has storage limitations, so this practice requires a comprehensive data maintenance program that complies with changing regulations and allows for proper storage, backup and deletion of data.

5. CONTINUALLY PROVIDE AND UPDATE SECURITY TRAINING.

Educating IT staff is only the first step; users across the enterprise must also be enlisted in the fight against ransomware. Employees interacting with customers, suppliers, partners and others are frequently targets of these attacks and must continually be educated about the latest threats so they can identify them and alert the enterprise security team before it’s too late.